The scope of work is to deliver the Cloud Detection & Response (CDR)/ Cloud Native Application Protection Platform (CNAPP) services using the Wiz CNAPP cloud native platform (Wiz CNAPP cloud).

{
  "awards": [
    {
      "id": "057489-2025-1",
      "relatedLots": [
        "1"
      ],
      "status": "active"
    }
  ],
  "buyer": {
    "id": "GB-FTS-72764",
    "name": "Scotland Gas Networks (SGN)"
  },
  "contracts": [
    {
      "awardID": "057489-2025-1",
      "dateSigned": "2025-02-20T00:00:00Z",
      "id": "057489-2025-1",
      "status": "active"
    }
  ],
  "date": "2025-09-17T16:58:50+01:00",
  "id": "057489-2025",
  "initiationType": "tender",
  "language": "en",
  "ocid": "ocds-h6vhtk-02874b",
  "parties": [
    {
      "address": {
        "countryName": "United Kingdom",
        "locality": "Horley",
        "postalCode": "RH6 9HJ",
        "region": "UK",
        "streetAddress": "St Lawrence House, Station Approach"
      },
      "contactPoint": {
        "email": "mobasshir.mushtaq@sgn.co.uk"
      },
      "details": {
        "classifications": [
          {
            "description": "Production, transport and distribution of gas and heat",
            "id": "PRODUCTION_TRANSPORT_DISTRIBUTION_GAS_HEAT",
            "scheme": "TED_CE_ACTIVITY"
          }
        ],
        "url": "https://www.sgn.co.uk"
      },
      "id": "GB-FTS-72764",
      "identifier": {
        "legalName": "Scotland Gas Networks (SGN)"
      },
      "name": "Scotland Gas Networks (SGN)",
      "roles": [
        "buyer"
      ]
    },
    {
      "address": {
        "countryName": "United Kingdom",
        "locality": "Horley",
        "postalCode": "RH6 9HJ",
        "streetAddress": "St Lawrence House,"
      },
      "id": "GB-FTS-71661",
      "identifier": {
        "legalName": "SGN"
      },
      "name": "SGN",
      "roles": [
        "reviewBody"
      ]
    }
  ],
  "tag": [
    "award",
    "contract"
  ],
  "tender": {
    "classification": {
      "description": "Security services",
      "id": "79710000",
      "scheme": "CPV"
    },
    "description": "The scope of work is to deliver the Cloud Detection \u0026 Response (CDR)/ Cloud Native\nApplication Protection Platform (CNAPP) services using the Wiz CNAPP cloud native\nplatform (Wiz CNAPP cloud).\nCNAPP is a convergence of 3 different capabilities, which provide the foundations for an\neffective Cloud Detection and Response (CDR) capability which SGN does not currently\nhave. This brings together the following three areas:\nCloud Security Posture Management (CSPM)\nCSPM continuously monitors, identifies, alerts on, and remediates compliance risks and\nmisconfigurations in cloud environments. Cloud misconfigurations are often exploited by\nthreat actors. CSPM systems monitor cloud assets, then continually and automatically\ncheck for cloud misconfigurations that may result in data breaches. Cloud environments\ncan be extremely complicated, and mistakes can be very hard to detect and manually\nCloud Infrastructure Entitlements Management (CIEM)\nMonitors human and service identities; effective permissions; and exposed secrets across\ncloud environments. CIEM continuously analyses risk and generates least privilege access\npolicies to efficiently remove any unused, risky, or excessive privileges. This mitigates the\nrisk of escalation of privilege, lateral movement and ultimately data breaches in the cloud.\nIT currently does not have this level of visibility onto cloud permissions and identities.\nCloud Workload Protection (CWP)\nCWP\u2019s monitor workloads in the cloud, scan for vulnerabilities and provide information\nregarding those vulnerabilities.\nThe Pricing Model for the SGN CDR/CNAPP solution and service is based on a combination\nof the service elements requested by SGN.\nThe basis of pricing is outlined below and tailored to meet SGN\u2019s requirements.",
    "id": "ocds-h6vhtk-02874b",
    "items": [
      {
        "deliveryAddresses": [
          {
            "region": "UK"
          }
        ],
        "id": "1",
        "relatedLot": "1"
      }
    ],
    "legalBasis": {
      "id": "32014L0025",
      "scheme": "CELEX"
    },
    "lots": [
      {
        "description": "The scope of work is to deliver the Cloud Detection \u0026 Response (CDR)/ Cloud Native\nApplication Protection Platform (CNAPP) services using the Wiz CNAPP cloud native\nplatform (Wiz CNAPP cloud).\nCNAPP is a convergence of 3 different capabilities, which provide the foundations for an\neffective Cloud Detection and Response (CDR) capability which SGN does not currently\nhave. This brings together the following three areas:\nCloud Security Posture Management (CSPM)\nCSPM continuously monitors, identifies, alerts on, and remediates compliance risks and\nmisconfigurations in cloud environments. Cloud misconfigurations are often exploited by\nthreat actors. CSPM systems monitor cloud assets, then continually and automatically\ncheck for cloud misconfigurations that may result in data breaches. Cloud environments\ncan be extremely complicated, and mistakes can be very hard to detect and manually\nCloud Infrastructure Entitlements Management (CIEM)\nMonitors human and service identities; effective permissions; and exposed secrets across\ncloud environments. CIEM continuously analyses risk and generates least privilege access\npolicies to efficiently remove any unused, risky, or excessive privileges. This mitigates the\nrisk of escalation of privilege, lateral movement and ultimately data breaches in the cloud.\nIT currently does not have this level of visibility onto cloud permissions and identities.\nCloud Workload Protection (CWP)\nCWP\u2019s monitor workloads in the cloud, scan for vulnerabilities and provide information\nregarding those vulnerabilities.\nThe Pricing Model for the SGN CDR/CNAPP solution and service is based on a combination\nof the service elements requested by SGN.\nThe basis of pricing is outlined below and tailored to meet SGN\u2019s requirements.\n1. Subscription and Product Support:\na. Based on CNAPP SaaS platform services and based the volumes of SGN\nCloud assets being monitored.\nb. Premium Wiz Platform support.\n2. Initial Deployment / Onboarding:\na. Phase 1 - Solution Design:\nb. Phase 2 - Enablement and Prioritization:\nc. Phase 3 \u2013 Integration, Testing and Go Live:\nd. Phase 4 - Training and Knowledge Transfer:\n3. Training: The Supplier will provide a range of Knowledge Transfer to SGN Security\nand Admin/platform personnel as outlined in Initial Deployment/Implementation. As\npart of the Wiz service, SGN can have access to a range of online training material at\nWiz Academy. Through the Premium Support, SGN can also receive enablement\nsessions to empower specific SGN roles (i.e. GRC) such as on setting compliance\npolicies for reporting and alerting (as Ofgem requirements change).\nA solution is needed within the business to meet current and future cyber threats across\nits cloud infrastructure/environment. The CNAPP solution will allow SGN to overcome\npotential threats and exposure within the business.",
        "hasOptions": false,
        "id": "1",
        "status": "cancelled"
      }
    ],
    "mainProcurementCategory": "services",
    "procurementMethod": "selective",
    "procurementMethodDetails": "Negotiated procedure with prior call for competition",
    "status": "complete",
    "techniques": {
      "hasFrameworkAgreement": true
    },
    "title": "The scope of work is to deliver the Cloud Detection \u0026 Response (CDR)/ Cloud Native Application Protection Platform (CNAPP) services using the Wiz CNAPP cloud native platform (Wiz CNAPP cloud)."
  }
}